[break]"></iframe><iframe src="[/break]

<iframe width="464" height="290" src=""></iframe><iframe src="" allowfullscreen="" frameborder="0" scrolling="no"></iframe>

Using (.*?) can allow anything to be accepted, leaving a site vulnerable to XSS. Using a regular expression like [a-zA-Z0-9], will allow the lower case alphabet, upper case alphabet and the numbers 0-9.

Suggested regular expression

You should also apply this to your other threads:

Messages In This Thread
Break - by Smite - 2014-01-04, 04:44 AM
RE: Break - by JordanMussi - 2014-01-04, 10:22 AM
RE: Break - by Smite - 2014-01-04, 02:51 PM

Forum Jump:

Users browsing this thread: 1 Guest(s)